Description 


RPM Telco is a private cloud service based on our proprietary RPM application. It is web-based and stores data in an individual database for each subscriber.


How many servers do you have? 


  • We have multiple servers. Some are web servers that host the RPM application and some are database servers. The number of servers is adjusted based on our operational load.

  • Traffic is distributed among the web servers based on load and availability.

  • The database servers are in a private network accessible only by the web servers and through VPN.

  • File and email attachments are stored using an object storage service.

  • For security reasons we do not share hardware details about our servers or the exact number of machines.

  • Users only interact with the web servers, never with the database or file servers directly. For file attachment downloads, we provide temporary pre-signed URLs that give access to specific files directly from the file storage.


What are your servers? What technology do they use? 


We use Microsoft technology including Windows, SQL Server, the .NET Framework, C#, and IIS.

  • We are continually upgrading our servers with the current stable version and the best available hardware. We keep up with all security patches. We never use beta code.

  • For security reasons we do not share more specific software or configuration details about our servers.


Where are your servers located? 


  • All data and files are physically located only in the United States.

  • Our hosting provider is Amazon in their Oregon region.


What is your backup? 


  • Each of our multiple database servers keeps its own hourly backups.
  • The hourly backups are kept on each server for 1 week.

  • Each hourly backup is copied to a separate storage service and kept for 8 weeks.

 

How is your security tested? 


  • We perform manual and automated regression testing on every version of RPM we develop. We perform security testing on our live servers using Netsparker.
  • Our application architecture makes cross-site scripting and SQL injection attacks easy to protect against. By default, all input received by the web servers is scrubbed. Values are then further checked at the single point of communication between the application and database servers.

 

Does RPM use third-party code? 


Other than the Microsoft technology stack, we use very little third-party software. The little third-party code we do use is vetted and updated. No third-party code has access to the databases. We never use beta code.

 

What are some example software security practices? 


  • RPM requires a 128-bit SSL connection, just like online banking
  • RPM does not store plain-text passwords
  • RPM does not require the client to have Java or Flash installed


Can we export our data?


  • During your subscription, your live data is available to users as Excel downloads and through the API for automated backup or synchronization.

  • If you are ending a subscription or a large project, we can create a handoff data dump that includes process fields and file attachments. The process fields in the dump are in a SQL database format.




Network Diagram